[10375] in bugtraq
Re: Possible DOS in WinNT RAS (PPTP)
daemon@ATHENA.MIT.EDU (Aleph One)
Wed Apr 28 15:54:54 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <19990428124602.A13060@underground.org>
Date: Wed, 28 Apr 1999 12:46:02 -0700
Reply-To: Aleph One <aleph1@UNDERGROUND.ORG>
From: Aleph One <aleph1@UNDERGROUND.ORG>
To: BUGTRAQ@NETSPACE.ORG
Some more feedback from folks. It seems that there is indeed an issue
here but reproducing it is difficult.
Please if you are going to send a report on this issue please make sure
you include Service Pack level, whether you are using RAS or RRAS,
whether you are using 40-bit or 128-bit, whether the machine froze, BSOD,
or rebooted, and what network card you are using.
WORKED:
Paul M. Hirsch <pauldoom@webcreate.net>:
* NT 4.0, SP3, RAS, PPTP
* Proliant PPro 200
* Netelligent 10/100 ethernet
* Compaq Fibre array
Martin Rex <martin.rex@sap-ag.de>:
* NT 4.0, SP3, 40-bit, PPTP, RAS
* BSOD: STOP 0x0000000A in RASPPTPE.sys
Ronny Cook <ronny@tmx.com.au>:
* NT 4.0, SP4, RAS, PPTP
* RAS & PPTP installed after SP4
* The problem disappeared when SP4 was reinstalled as per
Microsoft's instructions.
Emmanuel Tychon <etychon@cisco.com>:
* NT 4.0, SP3
* Machine freezes (dead mouse)
Greg <gmo@sirius.com>:
* NT 4.0
Didn't work:
"Chad D. Lingmann" <chadl@PROVO.NETSchools.net>:
* RRAS
From Andrew Lewman <ALewman@Lifespan.org>:
RedHat 5.2 with all patches against:
NT Server 1 has RRAS, SP4, NT Enterprise, Option Pack 4, PPTP w/96 VPNs (23
active at the time), Compaq Netelligent 10/100 running at 100 Mbits Full
Duplex, with drivers from latest SSD
NT Server 2 has RAS, SP4, NT Enterprise, PPTP w/ 96 VPNs (45 active at the
time), 3Com 3C905b 10/100 running at 100 Mbits full duplex with latest
standard NT4 SP4 driver installed.
NT Server 3 has RRAS, SP4, NT Server, Option Pack 4, PPTP w/20 VPNs (none
active), Compaq Netflex-3 10/100 running at 100 Mbits full duplex with
drivers from latest SSD.
I tried 256 through 2,560 "h"'s in intervals of 100 h's, Ctrl-D for
each interval of h's. Nothing. Very temporary spike in process usage for
the processes associated with RAS, went away instantly.
Errata:
Russ actually said he was using RAS, not RRAS. Mea culpa.
--
Aleph One / aleph1@underground.org
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
